From 351e6ebfbec97e0a2c12f2d056f2876cb0058e38 Mon Sep 17 00:00:00 2001
From: Nikita Sivukhin <sivukhin@turso.tech>
Date: Wed, 7 Aug 2024 18:52:57 +0400
Subject: [PATCH 1/4] add simple integration test

---
 libsql/tests/integration_tests.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libsql/tests/integration_tests.rs b/libsql/tests/integration_tests.rs
index 0f8e575949..cc239888d0 100644
--- a/libsql/tests/integration_tests.rs
+++ b/libsql/tests/integration_tests.rs
@@ -596,6 +596,22 @@ async fn debug_print_row() {
     );
 }
 
+#[tokio::test]
+async fn fts5_invalid_tokenizer() {
+    let db = Database::open(":memory:").unwrap();
+    let conn = db.connect().unwrap();
+    assert!(conn.execute(
+        "CREATE VIRTUAL TABLE t USING fts5(s, tokenize='trigram case_sensitive ')",
+        (),
+    )
+    .await.is_err());
+    assert!(conn.execute(
+        "CREATE VIRTUAL TABLE t USING fts5(s, tokenize='trigram remove_diacritics ')",
+        (),
+    )
+    .await.is_err());
+}
+
 #[cfg(feature = "serde")]
 #[tokio::test]
 async fn deserialize_row() {

From 3e56d28d8614a070dd632c6d54b0cdd1d2e08579 Mon Sep 17 00:00:00 2001
From: Nikita Sivukhin <sivukhin@turso.tech>
Date: Wed, 7 Aug 2024 16:57:49 +0400
Subject: [PATCH 2/4] fix potential crash in fts5

- see: https://sqlite.org/forum/forumpost/171bcc2bcd
---
 libsql-sqlite3/ext/fts5/fts5_tokenize.c | 60 ++++++++++++++-----------
 1 file changed, 33 insertions(+), 27 deletions(-)

diff --git a/libsql-sqlite3/ext/fts5/fts5_tokenize.c b/libsql-sqlite3/ext/fts5/fts5_tokenize.c
index f12056170f..7e239b6ca5 100644
--- a/libsql-sqlite3/ext/fts5/fts5_tokenize.c
+++ b/libsql-sqlite3/ext/fts5/fts5_tokenize.c
@@ -1290,40 +1290,46 @@ static int fts5TriCreate(
   Fts5Tokenizer **ppOut
 ){
   int rc = SQLITE_OK;
-  TrigramTokenizer *pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
-  UNUSED_PARAM(pUnused);
-  if( pNew==0 ){
-    rc = SQLITE_NOMEM;
+  TrigramTokenizer *pNew = 0;
+
+  if( nArg%2 ){
+    rc = SQLITE_ERROR;
   }else{
-    int i;
-    pNew->bFold = 1;
-    pNew->iFoldParam = 0;
-    for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
-      const char *zArg = azArg[i+1];
-      if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
-        if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
-          rc = SQLITE_ERROR;
+    pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
+    UNUSED_PARAM(pUnused);
+    if( pNew==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      int i;
+      pNew->bFold = 1;
+      pNew->iFoldParam = 0;
+      for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
+        const char *zArg = azArg[i+1];
+        if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
+          if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }else{
+            pNew->bFold = (zArg[0]=='0');
+          }
+        }else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
+          if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }else{
+            pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
+          }
         }else{
-          pNew->bFold = (zArg[0]=='0');
-        }
-      }else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
-        if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
           rc = SQLITE_ERROR;
-        }else{
-          pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
         }
-      }else{
-        rc = SQLITE_ERROR;
       }
-    }
 
-    if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
-      rc = SQLITE_ERROR;
-    }
+      if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
+        rc = SQLITE_ERROR;
+      }
 
-    if( rc!=SQLITE_OK ){
-      fts5TriDelete((Fts5Tokenizer*)pNew);
-      pNew = 0;
+      if( rc!=SQLITE_OK ){
+        fts5TriDelete((Fts5Tokenizer*)pNew);
+        pNew = 0;
+      }
     }
   }
   *ppOut = (Fts5Tokenizer*)pNew;

From 7ed14683a177ad913d63f06d5d6848846c6a0d00 Mon Sep 17 00:00:00 2001
From: Nikita Sivukhin <sivukhin@turso.tech>
Date: Wed, 7 Aug 2024 18:53:13 +0400
Subject: [PATCH 3/4] build bundles

---
 .../SQLite3MultipleCiphers/src/sqlite3.c      | 61 +++++++++++--------
 libsql-ffi/bundled/bindings/bindgen.rs        | 16 +++--
 libsql-ffi/bundled/src/sqlite3.c              | 61 +++++++++++--------
 3 files changed, 80 insertions(+), 58 deletions(-)

diff --git a/libsql-ffi/bundled/SQLite3MultipleCiphers/src/sqlite3.c b/libsql-ffi/bundled/SQLite3MultipleCiphers/src/sqlite3.c
index 529af0d52e..d7587cc38b 100644
--- a/libsql-ffi/bundled/SQLite3MultipleCiphers/src/sqlite3.c
+++ b/libsql-ffi/bundled/SQLite3MultipleCiphers/src/sqlite3.c
@@ -28,6 +28,7 @@
 **    README.md
 **    configure
 **    configure.ac
+**    ext/fts5/fts5_tokenize.c
 **    ext/jni/src/org/sqlite/jni/capi/CollationNeededCallback.java
 **    ext/jni/src/org/sqlite/jni/capi/CommitHookCallback.java
 **    ext/jni/src/org/sqlite/jni/capi/PreupdateHookCallback.java
@@ -259750,40 +259751,46 @@ static int fts5TriCreate(
   Fts5Tokenizer **ppOut
 ){
   int rc = SQLITE_OK;
-  TrigramTokenizer *pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
-  UNUSED_PARAM(pUnused);
-  if( pNew==0 ){
-    rc = SQLITE_NOMEM;
+  TrigramTokenizer *pNew = 0;
+
+  if( nArg%2 ){
+    rc = SQLITE_ERROR;
   }else{
-    int i;
-    pNew->bFold = 1;
-    pNew->iFoldParam = 0;
-    for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
-      const char *zArg = azArg[i+1];
-      if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
-        if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
-          rc = SQLITE_ERROR;
+    pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
+    UNUSED_PARAM(pUnused);
+    if( pNew==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      int i;
+      pNew->bFold = 1;
+      pNew->iFoldParam = 0;
+      for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
+        const char *zArg = azArg[i+1];
+        if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
+          if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }else{
+            pNew->bFold = (zArg[0]=='0');
+          }
+        }else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
+          if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }else{
+            pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
+          }
         }else{
-          pNew->bFold = (zArg[0]=='0');
-        }
-      }else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
-        if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
           rc = SQLITE_ERROR;
-        }else{
-          pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
         }
-      }else{
-        rc = SQLITE_ERROR;
       }
-    }
 
-    if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
-      rc = SQLITE_ERROR;
-    }
+      if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
+        rc = SQLITE_ERROR;
+      }
 
-    if( rc!=SQLITE_OK ){
-      fts5TriDelete((Fts5Tokenizer*)pNew);
-      pNew = 0;
+      if( rc!=SQLITE_OK ){
+        fts5TriDelete((Fts5Tokenizer*)pNew);
+        pNew = 0;
+      }
     }
   }
   *ppOut = (Fts5Tokenizer*)pNew;
diff --git a/libsql-ffi/bundled/bindings/bindgen.rs b/libsql-ffi/bundled/bindings/bindgen.rs
index 9dec505c10..cc73807f33 100644
--- a/libsql-ffi/bundled/bindings/bindgen.rs
+++ b/libsql-ffi/bundled/bindings/bindgen.rs
@@ -940,7 +940,7 @@ extern "C" {
 extern "C" {
     pub fn sqlite3_vmprintf(
         arg1: *const ::std::os::raw::c_char,
-        arg2: va_list,
+        arg2: *mut __va_list_tag,
     ) -> *mut ::std::os::raw::c_char;
 }
 extern "C" {
@@ -956,7 +956,7 @@ extern "C" {
         arg1: ::std::os::raw::c_int,
         arg2: *mut ::std::os::raw::c_char,
         arg3: *const ::std::os::raw::c_char,
-        arg4: va_list,
+        arg4: *mut __va_list_tag,
     ) -> *mut ::std::os::raw::c_char;
 }
 extern "C" {
@@ -2503,7 +2503,7 @@ extern "C" {
     pub fn sqlite3_str_vappendf(
         arg1: *mut sqlite3_str,
         zFormat: *const ::std::os::raw::c_char,
-        arg2: va_list,
+        arg2: *mut __va_list_tag,
     );
 }
 extern "C" {
@@ -3524,4 +3524,12 @@ extern "C" {
 extern "C" {
     pub static sqlite3_wal_manager: libsql_wal_manager;
 }
-pub type __builtin_va_list = *mut ::std::os::raw::c_char;
+pub type __builtin_va_list = [__va_list_tag; 1usize];
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct __va_list_tag {
+    pub gp_offset: ::std::os::raw::c_uint,
+    pub fp_offset: ::std::os::raw::c_uint,
+    pub overflow_arg_area: *mut ::std::os::raw::c_void,
+    pub reg_save_area: *mut ::std::os::raw::c_void,
+}
diff --git a/libsql-ffi/bundled/src/sqlite3.c b/libsql-ffi/bundled/src/sqlite3.c
index 529af0d52e..d7587cc38b 100644
--- a/libsql-ffi/bundled/src/sqlite3.c
+++ b/libsql-ffi/bundled/src/sqlite3.c
@@ -28,6 +28,7 @@
 **    README.md
 **    configure
 **    configure.ac
+**    ext/fts5/fts5_tokenize.c
 **    ext/jni/src/org/sqlite/jni/capi/CollationNeededCallback.java
 **    ext/jni/src/org/sqlite/jni/capi/CommitHookCallback.java
 **    ext/jni/src/org/sqlite/jni/capi/PreupdateHookCallback.java
@@ -259750,40 +259751,46 @@ static int fts5TriCreate(
   Fts5Tokenizer **ppOut
 ){
   int rc = SQLITE_OK;
-  TrigramTokenizer *pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
-  UNUSED_PARAM(pUnused);
-  if( pNew==0 ){
-    rc = SQLITE_NOMEM;
+  TrigramTokenizer *pNew = 0;
+
+  if( nArg%2 ){
+    rc = SQLITE_ERROR;
   }else{
-    int i;
-    pNew->bFold = 1;
-    pNew->iFoldParam = 0;
-    for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
-      const char *zArg = azArg[i+1];
-      if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
-        if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
-          rc = SQLITE_ERROR;
+    pNew = (TrigramTokenizer*)sqlite3_malloc(sizeof(*pNew));
+    UNUSED_PARAM(pUnused);
+    if( pNew==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      int i;
+      pNew->bFold = 1;
+      pNew->iFoldParam = 0;
+      for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
+        const char *zArg = azArg[i+1];
+        if( 0==sqlite3_stricmp(azArg[i], "case_sensitive") ){
+          if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }else{
+            pNew->bFold = (zArg[0]=='0');
+          }
+        }else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
+          if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }else{
+            pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
+          }
         }else{
-          pNew->bFold = (zArg[0]=='0');
-        }
-      }else if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
-        if( (zArg[0]!='0' && zArg[0]!='1' && zArg[0]!='2') || zArg[1] ){
           rc = SQLITE_ERROR;
-        }else{
-          pNew->iFoldParam = (zArg[0]!='0') ? 2 : 0;
         }
-      }else{
-        rc = SQLITE_ERROR;
       }
-    }
 
-    if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
-      rc = SQLITE_ERROR;
-    }
+      if( pNew->iFoldParam!=0 && pNew->bFold==0 ){
+        rc = SQLITE_ERROR;
+      }
 
-    if( rc!=SQLITE_OK ){
-      fts5TriDelete((Fts5Tokenizer*)pNew);
-      pNew = 0;
+      if( rc!=SQLITE_OK ){
+        fts5TriDelete((Fts5Tokenizer*)pNew);
+        pNew = 0;
+      }
     }
   }
   *ppOut = (Fts5Tokenizer*)pNew;

From 0d411057ae5d42bffd1e451bfc2e5aa44ab72042 Mon Sep 17 00:00:00 2001
From: Nikita Sivukhin <sivukhin@turso.tech>
Date: Thu, 8 Aug 2024 00:33:27 +0400
Subject: [PATCH 4/4] cargo fmt

---
 libsql/tests/integration_tests.rs | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/libsql/tests/integration_tests.rs b/libsql/tests/integration_tests.rs
index cc239888d0..cdb0a985c3 100644
--- a/libsql/tests/integration_tests.rs
+++ b/libsql/tests/integration_tests.rs
@@ -600,16 +600,20 @@ async fn debug_print_row() {
 async fn fts5_invalid_tokenizer() {
     let db = Database::open(":memory:").unwrap();
     let conn = db.connect().unwrap();
-    assert!(conn.execute(
-        "CREATE VIRTUAL TABLE t USING fts5(s, tokenize='trigram case_sensitive ')",
-        (),
-    )
-    .await.is_err());
-    assert!(conn.execute(
-        "CREATE VIRTUAL TABLE t USING fts5(s, tokenize='trigram remove_diacritics ')",
-        (),
-    )
-    .await.is_err());
+    assert!(conn
+        .execute(
+            "CREATE VIRTUAL TABLE t USING fts5(s, tokenize='trigram case_sensitive ')",
+            (),
+        )
+        .await
+        .is_err());
+    assert!(conn
+        .execute(
+            "CREATE VIRTUAL TABLE t USING fts5(s, tokenize='trigram remove_diacritics ')",
+            (),
+        )
+        .await
+        .is_err());
 }
 
 #[cfg(feature = "serde")]